Posted by: Rod Kurtz on August 21, 2009

As small businesses increase their employee base and branch out to other areas and regions, business owners often falter by implementing group passwords to make IT easier on their employees.

It’s an axiom of good password management that the use of group passwords greatly reduces the security of the overall system. Not only does it significantly increase the probability that a password is lost or stolen, but it also creates a lack of accountability when it comes to password management.

The final variable that affects password effectiveness is age. The best passwords are fresh passwords (it’s a little like fruit). The longer a password is in use, the more likely it is to be discovered, one way or another, and used to perpetrate a data breach. Larger enterprises often require employees to change their system passwords at least every 90 days.

By combining longer and more variable passwords, requiring the use of different passwords for system and e-mail access, avoiding group passwords and making sure you’re using fresh passwords, you will dramatically decrease the probability of experiencing a significant data breach.

Phillip Dunkelberger
President and CEO
PGP Corp.
Menlo Park, Calif.

Reader Comments

Brian K

August 21, 2009 6:13 PM

We use Mitto (http://mitto.com) at our company. Each person has their own Mitto account, and can store their own passwords securely. And for group passwords, the service lets you share between existing Mitto users. This has made it a lot easier and safer to manage. When someone leaves our group, we simply remove their access to the website, and then change the password. All the users always have the most updated, strong password, and it all happens transparently.

Oliver Jackson

August 22, 2009 12:19 AM

I agree that having a variety of passwords, and changing them regularly, are important security measures along with using random, impossible-to-guess passwords.

The problem is how to manage all that information. Fortunately there are a number of low-cost, simple-to-use password management tools out there that everyone should be using, such as:

Desktop software: 1Password, KeePass, SignUpShield, Roboform

USB drives: Ironkey, ID Vault

Websites: PassPack, Mitto, Lastpass

Standalone device: Mandylion, Atek Logio

There are some tradeoffs for each product in terms of security, portability, and convenience.

Dana Thompson

August 24, 2009 3:31 AM

Group passwords do increase the security risk considerably. When it comes to password age, change the passwords on a regular basis. Use a password that's a combination of letters, numbers and symbols. In order to remember passwords, use a password manager like Billeo. https://addons.mozilla.org/en-US/firefox/addon/12715
